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2a)D This action is FINAL. 2b)E3 This action is non-final. 
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closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1, 453 O.G. 213. 
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8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 
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DETAILED ACTION 

1 . In view of the Appeal Brief filed on 19 September 2005, PROSECUTION IS 
HEREBY REOPENED. New grounds of rejection are set forth below. 

To avoid abandonment of the application, appellant must exercise one of the 
following two options: 

(1 ) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply 
under 37 CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .31 followed 
by an appeal brief under 37 CFR 41 .37. The previously paid notice of appeal fee and 
appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth 
in 37 CFR 41 .20 have been increased since they were previously paid, then appellant 
must pay the difference between the increased fees and the amount previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by 
signing below: 



Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
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only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

3. Claims 1-20 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Yavatkar et al. (U.S. 6,735,702), hereinafter referred to as Yavatkar. 

4. Regarding claim 1 , Yavatkar discloses a method for reconstructing a path taken 
by undesirable network traffic through a computer network from a source of the traffic, 
the method comprising: 

collecting statistics at a plurality of measurement points located within routing 
and forwarding infrastructure of the computer network (col. 3, lines 25-29, Yavatkar 
discloses a method of using agents (mobile software modules) in order to collect data at 
a plurality of points within a network, the data being information about the state of the 
network.); and 

analyzing the statistics to reconstruct the path taken by the undesirable network 
traffic through the network from the source of the traffic (col. 3, lines 29-32, Yavatkar 
discloses the method of determining the source and determining the path taken 
(reconstructing the path) based on the data gathered.). 

5. Claim 9 contains similar subject matter and is rejected under the same rationale 
as claim 1. 

6. Regarding claim 2, Yavatkar discloses the method further comprising blocking 
undesirable network traffic within the computer network upstream of the points based on 
the reconstructed path (col. 14, lines 10-17, Yavatkar discloses methods used to 
combat attacks using source routing by quickly enabling the path of attack traffic to be 



Application/Control Number: 09/855,81 0 Page 4 

Art Unit: 2142 

found. When the path is found, appropriate action is taken, for example installing 
firewall entries at appropriate points in order to block attack traffic). 

7. Claim 10 contains similar subject matter and is rejected under the same rationale 
as claim 2. 

8. Regarding claim 3, Yavatkar discloses the method wherein the routing and 
forwarding infrastructure includes at least one router (Figure 3 and col. 7, II. 46-48, 
Yavatkar illustrates and discloses the use of routers.). 

9. Claim 1 1 contains similar subject matter and is rejected under the same rationale 
as claim 3. 

10. Regarding claim 4, Yavatkar discloses the method wherein the statistics include 
flow-based statistics which provide information related to the same logical traffic flow 
(col. 14, II. 21-30, Yavatkar discloses monitoring at a plurality of nodes in order to 
determine the direction of traffic flow.). 

1 1 . Claim 12 contains similar subject matter and is rejected under the same rationale 
as claim 4. 

12. Regarding claim 5, Yavatkar discloses the method wherein the statistics include 
packet statistics which provide information about a set of packets entering the routing 
and forwarding infrastructure (col. 15, II. 9-17, Yavatkar discloses methods used to 
monitor network traffic characteristics and detect attack traffic). 

13. Claim 13 contains similar subject matter and is rejected under the same rationale 
as claim 5. 
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14. Regarding claim 6, Yavatkar discloses the method further comprising requesting 
and receiving upstream statistics from forwarding infrastructure of the computer network 
upstream the measurement points and wherein the step of analyzing includes the step 
of analyzing the upstream statistics to reconstruct the path taken by the undesirable 
network traffic (col. 14, II. 21-30, Yavatkar discloses monitoring at a plurality of nodes in 
order to determine the direction of traffic flow.). 

15. Claim 14 contains similar subject matter and is rejected under the same rationale 
as claim 6. 

16. Regarding claim 7, Yavatkar discloses the method wherein the step of analyzing 
includes the step of extracting profiles from the statistics collected at the plurality of 
measurement points and comparing the profiles to reconstruct the path taken by the 
undesirable network traffic (col. 15, II. 9-17, Yavatkar discloses methods used to monitor 
network traffic characteristics and detect attack traffic). 

17. Claim 15 contains similar subject matter and is rejected under the same rationale 
as claim 7. 

1 8. Regarding claim 8, Yavatkar discloses the method wherein the computer network 
is the Internet (Figure 3 and col. 7, II. 43-44, Yavatkar illustrates and discloses the use 
of the Internet.). 

19. Claim 16 contains similar subject matter and is rejected under the same rationale 
as claim 8. 
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20. Regarding claim 17, Yavatkar discloses the method wherein the undesirable 
network traffic includes denial of service attacks (col. 13, II. 39-43, Yavatkar discloses 
the operation of the invention to be used to trace denial of service attacks.). 

21 . Claim 1 9 contains similar subject matter and is rejected under the same rationale 
as claim 17. 

22. Regarding claim 1 8, Yavatkar discloses the method wherein the computer 
network includes a plurality of service provider networks (col. 13, II. 44-48, Yavatkar 
discloses of Internet providers in order to assist in shutting down sources that are guilty 
of performing attacks on the network.). 

23. Claim 20 contains similar subject matter and is rejected under the same rationale 
as claim 18. 

Conclusion 

24. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Gulati et al. (U.S. 6,597,684 B1) disclose distributed architecture and associated 
protocols for efficient quality of service-based route computation. 

Shaio et al. (U.S. 6,625,156 B2) disclose a method of implementing quality-of-service 
data communications over a short-cut path through a routed network. 

Copeland, III (US 2003/0105976 A1) discloses flow-based detection of network 
intrusions. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Benjamin A. Ailes whose telephone number is (571 )272- 
3899. The examiner can normally be reached on M-F 6:30-4, IFP Work Schedule. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Caldwell can be reached on (571)272-3868. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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